Sophos Firewall: How to configure remote access SSL VPN with the Sophos Connect client


The Sophos Connect client allows you to enforce advanced security and flexibility settings, such as connecting the tunnel automatically. To configure and establish remote access SSL VPN connections using the Sophos Connect client, do as follows:

  • Configure the SSL VPN settings.
  • Send the configuration file to users.
  • Add a firewall rule.
  • Send the Sophos Connect client to users. Alternatively, users can download it from the user portal.

Currently, the Sophos Connect client doesn’t support macOS for SSL VPN. It also doesn’t support mobile platforms for IPsec and SSL VPN. For macOS and mobile platforms, we recommend that you use the OpenVPN Connect client.

This article shows how to configure SSL VPN (remote access) with the Sophos Connect client.

Network diagram.


Step 1: Create a user group and add a user.

Go to Authentication > Groups and click Add.

Group Name: Enter the name of the group you want.

Surfing quota: Select Unlimited internet Access

Access time: Allowed all the time

Click Save.

Switch to the User tab.

User name: Enter the user name (This is the name used to authenticate the user)

Name: Name of user.

Password: Enter the password for the user

Email: Enter the user’s email

Scroll down to the Policies section.

For Group, select the group created in the previous step (for example, SophosConnectGroup). Click Save.

Step 2: Create IP hosts for local subnet and remote SSL VPN clients.

Create Local Subnet:

Go to Hosts and Services > IP Host > Add.

Name: Enter the name of the Local Subnet you want

Type: select Network

IP address: Enter your local subnet IP address.

Click Save.

Create Remote SSL Range:

Go to VPN and click Show VPN settings.

When SSL clients sign in, they’re assigned an address from the range specified here. You must use a private address range.

Go to Hosts and Services > IP Host > Add.

Name: Enter the name you want

Type: select IP range.

IP address: Enter the IP range you checked in the step above.
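Step 2 requires that the SSL VPN client range is a private address range. The following is an added example, not part of the original article or of Sophos tooling: a Python check that an IPv4 lease range lies fully inside RFC 1918 space and, as an extra sanity check assumed here, does not overlap the local subnet. The function name and all sample addresses are constructed.

```python
import ipaddress

# RFC 1918 private IPv4 blocks
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_ssl_vpn_range(first_ip, last_ip, local_subnet):
    """Return a list of problems with an IPv4 SSL VPN lease range ([] = OK).

    Hypothetical helper for this example; not a Sophos API.
    """
    start = ipaddress.ip_address(first_ip)
    end = ipaddress.ip_address(last_ip)
    lan = ipaddress.ip_network(local_subnet, strict=False)
    if not (start.version == end.version == lan.version == 4):
        return ["only IPv4 ranges are checked by this example"]
    if start > end:
        return ["start address is higher than end address"]

    # CIDR blocks that exactly cover start..end, so a range that
    # straddles the edge of a private block is caught as well.
    blocks = list(ipaddress.summarize_address_range(start, end))
    problems = []
    if not all(any(b.subnet_of(p) for p in RFC1918) for b in blocks):
        problems.append("range is not fully inside RFC 1918 private space")
    if any(b.overlaps(lan) for b in blocks):
        problems.append(f"range overlaps local subnet {lan}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    samples = [
        ("10.81.234.5", "10.81.234.55", "192.168.1.0/24"),
        ("192.168.1.100", "192.168.1.150", "192.168.1.0/24"),
        ("172.31.255.250", "172.32.0.5", "192.168.1.0/24"),
    ]
    for first, last, lan in samples:
        result = check_ssl_vpn_range(first, last, lan)
        print(f"{first}-{last}: {'OK' if not result else '; '.join(result)}")
```
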

Step 3: Add an SSL VPN remote access policy.

Go to VPN > SSL VPN (remote access) and click Add.

Enter a name and specify policy members and permitted network resources. Click Apply.

Step 4: Check authentication services.

Go to Authentication > Services.

Under Firewall authentication methods, check that the selected authentication server is Local.

Scroll to SSL VPN authentication methods.
Check that the authentication server is set to Local.

Check device access settings:

To establish the connection and ensure that users have access to the connection, you must turn on device access for SSL VPN and the user portal.

Go to Administration > Device access.
Check access to SSL VPN and the user portal.

Step 5: Add a firewall rule.

Go to Rules and policies > Firewall rules. Select Add firewall rule.
Specify the settings.

Step 6: Install and configure Sophos Connect client on endpoint devices.

To establish remote access SSL VPN connections, users must install the Sophos Connect client on their endpoint devices and import the .ovpn file to the client.
You can download the Sophos Connect client installers from the Sophos Firewall web admin console and share these with users. Alternatively, users can download the Sophos Connect client from the user portal.

To download the client from the user portal, users must do as follows:

Sign in to the user portal and go to VPN. Under Sophos Connect client (IPsec and SSL VPN), click Download client for Windows.

Click Download configuration for other OSs to download the .ovpn configuration file.

Run SophosConnect_2.1.20 (Ipsec_and_SSLVPN).msi to install the client.
After installation, the Sophos Connect icon appears in the system tray of your endpoint device.

Click Import connection.

Select the .ovpn file you’ve downloaded.

Click Connect.

Sign in using your user portal credentials.

The SSL VPN connection with Sophos Connect is now established.
